Company Description
We're ASOS, the online retailer for fashion lovers all around the world.
We exist to give our customers the confidence to be whoever they want to be, and that goes for our people too. At ASOS, you're free to be your true self without judgement, and channel your creativity into a platform used by millions.
But how are we showing up? We're proud members of Inclusive Companies, are Disability Confident Committed and have signed the Business in the Community Race at Work Charter and we placed 8th in the Inclusive Top 50 Companies Employer list.
Everyone needs some help showing up as their best self. Let our Talent team know if you need any adjustments throughout the process in whatever way works best for you.
Job Description
This role reports to the Head of Security Operations.
The Role:
As an experienced SOC and Incident Response Manager at ASOS, you will lead our cyber security incident response efforts and ensure effective and efficient resolution of security incidents, while maintaining our vital relationship with our external SOC. The ideal candidate will have a strong technical background in cybersecurity, a proven track record of managing incident response teams, excellent vendor stakeholder management skills and possess exceptional leadership, communication, and problem-solving skills.
The role will interface between the wider technology teams and our cyber security team, including our third-party partners, ensuring a consistent response to all cyber security incidents.
Responsibilities:
- Manage and lead the incident response team, ensuring effective operations and high morale within the team.
- Oversee the identification, response, investigation, and resolution of security incidents within SLA's.
- Establish and maintain incident response processes, procedures, and documentation, ensuring they align with industry best practices.
- Liaise with our 3rd Party Security Operations Centre, to ensure effective service and handover of incidents between teams.
- Conduct regular incident response training and drills to enhance team readiness and improve response times.
- Ability to perform and speak around log analysis and log integration into the SIEM.
- Define incident response metrics, dashboards and track and report on key performance indicators (KPIs) to senior management, suggesting improvements as needed.
- Delegate unassigned newly submitted tickets to analysts keeping in mind current workloads and availability.
- Lead incident post-mortem analysis to identify root causes, lessons learned, and recommend measures for prevention or improvement.
- Establish and maintain a database of detected and reported information security incidents.
- Conduct periodic threat simulation activities to evaluate the adequacy of deployed detective controls.
Qualifications
About You:
- Proficiency in incident response tools, such as SIEM, EDR, and forensic analysis tools.
- Proven ability to make decisions under pressure and coordinate multiple incident response activities simultaneously.
- Strong analytical and problem-solving abilities to quickly assess and resolve complex security incidents.
- Knowledge of relevant legal and regulatory requirements related to incident response.
- Experience working with cloud security technologies and environments (e.g., AWS, Azure).
- General exposure to UK legislation, security technologies and frameworks such as PSI-DSS, Computer Misuse Act, GDPR, NIST, ISO 27001, Cyber Essentials etc.
Additional Information
BeneFITS:
- Employee discount (hello ASOS discount!)
- ASOS Develops (personal development opportunities across the business)
- Employee sample sales
- Access to a huge range of LinkedIn learning materials
- 25 days paid annual leave + an extra celebration day for a special moment
- Discretionary bonus scheme
- Private medical care scheme
- Flexible benefits allowance - which you can choose to take as extra cash, or use towards other benefits
Why take our word for it? Search #InsideASOS on our socials to see what life at ASOS is like.
Want to find out how we're tech powered? Check out the ASOS Tech Podcast here ASOS Tech Podcast. Prefer reading? Check out our ASOS Tech Blog here ASOS Tech Blog.